Rule History

SID: 2017511 • Source: et/open

Versions (3)

Version DetailsCurrent

Rev: 4 • Sep 24, 2013, 12:00 PM

Message:

ET MALWARE APT.Agtid callback

Rule:

alert http $HOME_NET any -> $EXTERNAL_NET 443 (msg:"ET MALWARE APT.Agtid callback"; flow:established,to_server; http.method; content:"POST"; http.header; content:"Agtid|3a 20|"; reference:url,www.fireeye.com/blog/technical/cyber-exploits/2013/09/operation-deputydog-zero-day-cve-2013-3893-attack-against-japanese-targets.html; classtype:targeted-activity; sid:2017511; rev:4; metadata:created_at 2013_09_24, signature_severity Major, updated_at 2020_04_27;)

Created:

Sep 24, 2013, 12:00 PM

Updated:

Apr 27, 2020, 12:00 PM

DB Created:

Sep 21, 2024, 3:00 AM

DB Updated:

May 30, 2025, 12:04 AM

Filename:

rules/emerging-malware.rules